ID de Prueba:	1.3.6.1.4.1.25623.1.0.103862
Categoría:	Web application abuses
Título:	D-Link DSR Router Series SQL Injection Vulnerability
Resumen:	D-Link DSR Router Series are prone to an SQL-injection vulnerability.
Descripción:	Summary: D-Link DSR Router Series are prone to an SQL-injection vulnerability. Vulnerability Insight: It was possible to login into the remote D-Link DSR Router using `admin` as username and `' or 'a'='a` as password. Vulnerability Impact: A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Affected Software/OS: D-Link DSR-150 (Firmware < v1.08B44) D-Link DSR-150N (Firmware < v1.05B64) D-Link DSR-250 and DSR-250N (Firmware < v1.08B44) D-Link DSR-500 and DSR-500N (Firmware < v1.08B77) D-Link DSR-1000 and DSR-1000N (Firmware < v1.08B77) Solution: Updates are available. Please see the references or vendor advisory for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-5945 http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf http://www.exploit-db.com/exploits/30061 Common Vulnerability Exposure (CVE) ID: CVE-2013-5946 Common Vulnerability Exposure (CVE) ID: CVE-2013-7004 Common Vulnerability Exposure (CVE) ID: CVE-2013-7005
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.